Home > Guides to grow your business > Guides for online sellers

4 key types of eCommerce fraud and best practices to prevent them

For today’s consumers, the act of shopping online is a no-brainer. Whether they’re engaging with individual brand websites or larger online marketplaces, it’s a fact that customers across the globe are increasingly relying on the services of eCommerce websites.

While the rise of online commerce has meant great things for eCommerce businesses, the industry’s success also means that online merchants have become a prime target for fraudsters. For attackers looking to exploit online businesses, eCommerce fraud is the name of the game.

What is eCommerce fraud?

eCommerce fraud can be understood as the umbrella term for any form of illegal or fraudulent transaction made on an eCommerce website.

Although there are myriad eCommerce fraud techniques out there, they all have one fundamental thing in common — they mean bad things for your business.

Types of eCommerce fraud

In this article, we’ll dive into four notable types of eCommerce fraud to put on your radar:

Refund fraud
Friendly fraud
Account takeover (ATO) fraud
Buy now, pay later (BNPL) fraud

1. Refund fraud

Does your business accept returns? If so, fraudsters can attempt to take advantage of your return policy through commiting refund fraud. This technique can take the form of a bad actor attempting to return items that were purchased with a stolen credit card, using fake receipts to return goods, or utilising social engineering techniques (in other words, falsely describing an item as damaged or broken) in order to receive a refund on the purchase.

2. Friendly fraud

Also known as chargeback fraud, there’s not much that’s friendly about this attack vector. Friendly fraud occurs when customers abuse the credit card chargeback system by first making a purchase with their credit or debit card, after which they dispute the charge with their card issuer or bank. In this scenario, the customer doesn’t have a legitimate reason to dispute the charge – they’re simply looking for a way to get their money back.

3. Account takeover (ATO) fraud

It’s all in the name: When using this eCommerce fraud technique, a fraudster wrongfully gains access to and compromises a victim’s account. This is accomplished through social engineering attacks or by purchasing stolen credentials on the dark web. After criminals access an account, they lock the rightful account holder out through changing the account’s credentials and can do real damage by modifying account details and leaking sensitive data.

4. Buy now, pay later (BNPL) fraud

In the same vein as friendly fraud and ATO fraud techniques, buy now, pay later (BNPL) fraud attempts take advantage of BNPL payment options offered by online vendors. Using this method, fraudsters use stolen credentials to ⁠— once again ⁠— take over an account, after which they purchase a slew of items while opting for a BNPL scheme.

Open a World Account for free

Open 10+ local currency accounts with local account details
Direct CNH payments to 1688.com
Pay suppliers, partners and staff in 40+ currencies and 130+ destinations
Collect secure payments from 100+ marketplaces and payment gateways, including Amazon, AliExpress, Paypal and Shopify
Lock in currency conversion rates for up to 24 months

What are the signs of eCommerce fraud?

Although the methods that fraudsters use when carrying out various methods of eCommerce fraud are conniving in nature, there are a few dependable signs that merchants can be on the lookout for in order to detect eCommerce fraud and stop it in its tracks.

First-time shoppers

While it’s important not to steer away legitimate first-time customers, it’s key that eCommerce businesses properly vet shoppers making their initial purchase. This is because fraudsters will often input invalid details (such as a false name or fake shipping address) when entering their personal data. Taking the time to verify a user’s data can help your organisation avoid security pitfalls down the line.

Repeated declined transactions

Banks and card issuers will decline a transaction when signs of fraud are present, such as an incorrect card number or mismatched user data. Take it as a sign when you see multiple declined transactions present on your organisation’s eCommerce platform.

The use of different credit cards

This point highlights the importance of verifying user data in general. Any inconsistencies — including the use of multiple credit cards tied to the same shipping or IP address — should be seen as a red flag. The same goes for transactions made with the same credit card that are tied to different shipping addresses.

eCommerce fraud prevention strategies and best practices

As we’ve explored, various types of eCommerce fraud include several basic elements that online retailers must beware of. How can eCommerce businesses protect themselves against each of the aforementioned types of fraud, then? The use of a simple checklist is a good place to get started.

Here are a few best practices to include and implement in your organisation’s fraud management strategy.

Implement multi-factor authentication (MFA) protocols: In case your password becomes compromised, MFA serves as a second layer of security and ensures that your account remains secure. MFA can be applied through the use of SMS or a dedicated authenticator mobile app.
Prioritise security audits: With the help of internal or external experts, vendors can assess the security of their eCommerce platform and form a clear picture of any exposure to data leakage and various forms of eCommerce fraud.
Achieve and maintain PCI compliance: Before online merchants accept online credit card payments, it’s crucial to achieve compliance with the Payment Card Industry Data Security Standards (PCI DSS), an international standard established to promote the safety and security of customer financial data and ensure that retailer websites meet the criteria for accepting payments online.

Here’s how to avoid eCommerce fraud with WorldFirst

As your business scales, so does its attack surface. The good news? By equipping staff with the proper knowledge of online fraud techniques and a checklist of fraud prevention strategies, it’s possible for eCommerce businesses to avoid today’s prevalent eCommerce fraud attacks.

By using WorldFirst, your eCommerce business can safely extend your business reach into new territories. Access free, locally-based currency accounts to collect overseas sales revenue in local currency from marketplaces and payment gateways like Amazon, eBay, Stripe, and more.

Find out more about WorldFirst and learn how to limit your organisation’s risk of eCommerce fraud.

Disclaimer: These comments are the views and opinions of the author and should not be construed as advice. You should act using your own information and judgement. Whilst information has been obtained from and is based upon multiple sources the author believes to be reliable, we do not guarantee its accuracy and it may be incomplete or condensed. All opinions and estimates constitute the author’s own judgement as of the date of the briefing and are subject to change without notice. Please consider FX derivatives are high risk, provide volatile returns and do not guarantee profits.